CVE-2018-7227

MEDIUM

Schneider Electric Pelco Sarix Professional < 3.29.67 - Unauthenticated Sensitive Information Exposure via Crafted URL

Description

A vulnerability exists in Schneider Electric's Pelco Sarix Professional in all firmware versions prior to 3.29.67 that could allow specially crafted URLs to be retrieved without authentication, revealing sensitive information to an attacker.

Scores

CVSS v3 5.3
EPSS 0.0018
EPSS Percentile 39.7%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Details

CWE
CWE-287
Status published
Products (20)
schneider-electric/ibp1110-1er_firmware < 3.29.67
schneider-electric/ibp219-1er_firmware < 3.29.67
schneider-electric/ibp319-1er_firmware < 3.29.67
schneider-electric/ibp519-1er_firmware < 3.29.67
schneider-electric/ibps110-1er_firmware < 3.29.67
schneider-electric/imp1110-1_firmware < 3.29.67
schneider-electric/imp1110-1e_firmware < 3.29.67
schneider-electric/imp1110-1er_firmware < 3.29.67
schneider-electric/imp219-1_firmware < 3.29.67
schneider-electric/imp219-1e_firmware < 3.29.67
... and 10 more
Published Mar 09, 2018
Tracked Since Feb 18, 2026